<?php
/***************
* @Project	Warabi
* @Author	Feifei
* @Date		04/12/2009
***************/

/**This module is to deal the dpf get card invitation list**/
include_once($_SERVER['DOCUMENT_ROOT'].'/header.inc.php');

$httprequest = new wbHttpRequest();

list($headers , $body) = $httprequest->output();

$receiver_name = rawurldecode($_GET["usr"]);
$device_id = rawurldecode($_GET['dev']);
$list_type = rawurldecode($_GET['type']);

/***if the sender name is empty or receiver_name and card id is empty**/
if(empty($receiver_name) || empty($device_id)){
	header(error_url_param_missing);
	exit;
}

/**if the sender doesn't exist in database , give a 400 response**/
$db = new wbDatabase();
$sql = "select * from ".__table_dpf_user__." where tel='".$receiver_name."' and dev = '".$device_id."'";
$set = $db->query($sql);

if($db->countResult($set)==0){
	header(error_url_param_missing);
	exit;
}

$result = $db->fetchResultBySet($set , MYSQL_ASSOC);
$passcode = $result["password"];
$db->freeResult($set);

/** wsse authorize **/
/***if the wsse is wrong , give a 401 unauthorized response**/
$xwsse = $headers["X_WSSE"];
$type=1;
$doorkey = magicWsse($xwsse , $db , $type);

if(!$doorkey){
	header(error_autorized_header);
	exit;
}


/** get the dpf list **/
global $wbInvitationUri ;
global $wbListLimit;
if(!empty($list_type)){
	if($list_type=="new"){
		$sql = "select * from ".__table_card_info__." , ".__table_card_list__." 
				where ".__table_card_info__.".id = ".__table_card_list__.".cardInfoId
				and receiver = '".$receiver_name."'
				and sendDate>date_sub(now() , interval ".(expire_time.' '.expire_unit).")
				and deleteFlag = 0 order by id desc limit 0 , ".$wbListLimit;
	}
	else{
		$sql = "select * from (
					select 
					".__table_card_info__.".id ,
					".__table_card_info__.".sender,
					".__table_card_info__.".description,
					".__table_card_list__.".sendDate,
					".__table_card_info__.".photoNumber,
					".__table_card_list__.".deleteFlag,
					".__table_card_list__.".readDate,
					".__table_card_list__.".cardListId 
				from ".__table_card_info__." , ".__table_card_list__." 
				where ".__table_card_info__.".id = ".__table_card_list__.".cardInfoId
				and receiver = '".$receiver_name."'
				and sendDate>date_sub(now() , interval ".(expire_time.' '.expire_unit).")
				and deleteFlag = 0 order by id asc limit 0 , ".$wbListLimit.") as A order by A.id desc";
	}
}
else{
	$sql = "select * from ".__table_card_info__." , ".__table_card_list__." 
				where ".__table_card_info__.".id = ".__table_card_list__.".cardInfoId
				and receiver = '".$receiver_name."'
				and sendDate>date_sub(now() , interval ".(expire_time.' '.expire_unit).")
				and deleteFlag = 0 
				and readFlag = 0 
				order by id desc limit 0 ,".$wbListLimit;
}

$set = $db->query($sql);
$result = array();
while($oneres = $db->fetchResultBySet($set ,MYSQL_ASSOC)){
	$arr = array(
		"id" => $oneres["cardListId"],
		"sender" => $oneres["sender"],
		"description" => $oneres["description"],
		"date" => $oneres["sendDate"],
		"photo" => $oneres["photoNumber"],
		"flag" => getInviteFlag($oneres["deleteFlag"],0,$oneres["readFlag"]),
		"link" => $wbInvitationUri."?cardid=".rawurlencode($oneres["cardListId"]."===".$device_id)
	);
	$result[] = $arr;
}
$db->freeResult($set);
if(empty($list_type)&&count($result) < $wbListLimit){
	$l = $wbListLimit-count($result);
	$sql2 ="select * from ".__table_card_info__." , ".__table_card_list__." 
			where ".__table_card_info__.".id = ".__table_card_list__.".cardInfoId
			and receiver = '".$receiver_name."'
			and sendDate>date_sub(now() , interval ".(expire_time.' '.expire_unit).")
			and deleteFlag = 0 
			and readFlag = 1  
			order by id desc limit 0 ,".$l;
	$set = $db->query($sql2);
	while($oneres = $db->fetchResultBySet($set ,MYSQL_ASSOC)){
		$arr = array(
			"id" => $oneres["cardListId"],
			"sender" => $oneres["sender"],
			"description" => $oneres["description"],
			"date" => $oneres["sendDate"],
			"photo" => $oneres["photoNumber"],
			"flag" => getInviteFlag($oneres["deleteFlag"],0,$oneres["readFlag"]),
			"link" => $wbInvitationUri."?cardid=".rawurlencode($oneres["cardListId"]."===".$device_id)
		);
		$result[] = $arr;
	}
	$db->freeResult($set);
}
$db->disconnect();

/***put the response to the client**/
$tid = getTid();
$resBody = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>";
$resBody .= "<entry>";
$resBody .= "<tid>".$tid."</tid>";
foreach($result as $invitation){
	$resBody .= "<invite>";
	$resBody .="<id>".$invitation["id"]."</id>";
	$resBody .= "<sender>".xmlencode($invitation["sender"])."</sender>";
	$resBody .="<description>".xmlencode($invitation["description"])."</description>";
	$resBody .="<date>".$invitation["date"]."</date>";
	$resBody .="<photo>".$invitation["photo"]."</photo>";
	$resBody .="<flag>".$invitation["flag"]."</flag>";
	$resBody .="<link>".xmlencode($invitation["link"])."</link>";
	$resBody .= "</invite>";
}
$resBody .= "</entry>";

header(success_response);
header('Content-Type: text/xml');
header('Content-Length: '.strlen($resBody));
echo $resBody;

?>